Could Hackers Be Rerouting Airplanes?
#21
As I said before within the physical limits of the hardware, absolutely anything is possible with software. With enough skill and access, it would be possible to send an airplane off course with all indications appearing normal except for two...the mag compass and the position of the sun relative to the nose. But the people with those skills (the system designers and neer-peer nation-state intel/military) would probably not have an incentive to do it.
Possible? Sure, there's a chance for almost anything. Probable? ehhhhhhhh....
#22
#23
Gets Weekends Off
Joined APC: Jul 2014
Posts: 269
Retired Federal Aviation Administration technical writer-editor Michael Menkin making a thought screen helmet. Construction time for each helmet is four hours.
Btw, that explains a few things about FAA Ops...
#24
As I said before within the physical limits of the hardware, absolutely anything is possible with software. With enough skill and access, it would be possible to send an airplane off course with all indications appearing normal except for two...the mag compass and the position of the sun relative to the nose. But the people with those skills (the system designers and neer-peer nation-state intel/military) would probably not have an incentive to do it.
Even with a lot of time and direct access it may be impossible in many circumstances. Something as simple as my G1000 firmware update now has to be signed with Garmin's private key, similar to the Apple-FBI issue. The ways around this rely on discovery of errors in the code (which is what the FBI may now be paying outsiders to do.) I agree with your assessment.
#25
Banned
Joined APC: Dec 2015
Position: Aeroflot
Posts: 179
Latest trailer on the new release movie previews:
Coming to a theater near you..... from the makers of Die Hard 2 (you know.. with the altered ILS that makes pilots fly into the ground while ignoring any baro or radar altimeter indications).
FO: "Sir, we appear to have a holding pattern in the FMS."
C: "Did you put that there?"
FO: "No"
cut to close-up of resolute airline Captain as he slowly realizes the tough spot they're in.
C: "Oh..My...God."
jet enters holding at that moment, rolling into 30 degrees of bank while terrified passengers clutch each other, screaming. Cue the champagne flute tipping off a seat tray in first class while a passenger returning from the bathroom finds the closest seat and buckles up in panic.
FO: "Ethiad 440, entering holding, FL350"
ATC: Why?
Back to FO as he wipes sweat from his brow, eyes the FMS screen and looks up at the camera.
FO: "It's in the box!!!!!"
Coming to a theater near you..... from the makers of Die Hard 2 (you know.. with the altered ILS that makes pilots fly into the ground while ignoring any baro or radar altimeter indications).
FO: "Sir, we appear to have a holding pattern in the FMS."
C: "Did you put that there?"
FO: "No"
cut to close-up of resolute airline Captain as he slowly realizes the tough spot they're in.
C: "Oh..My...God."
jet enters holding at that moment, rolling into 30 degrees of bank while terrified passengers clutch each other, screaming. Cue the champagne flute tipping off a seat tray in first class while a passenger returning from the bathroom finds the closest seat and buckles up in panic.
FO: "Ethiad 440, entering holding, FL350"
ATC: Why?
Back to FO as he wipes sweat from his brow, eyes the FMS screen and looks up at the camera.
FO: "It's in the box!!!!!"
#26
I was not suggesting that would be a practical COA for a bad actor...it would take too much knowledge of too many systems and there are too many people who might notice. But as an academic exercise you could probably demonstrate something along these lines with enough resources.
I have relevant education and civilian and military experience on this. Lets just say the military bit is particularly relevant here. Like I said the only limitation is hardware, access, and skill. Firmware may be an access problem in some cases but even firmware has been re-written remotely. It depends on the design, but for example most consumer electronics can have their firmware updated via the internet...you don't need a tech with a dedicated physical connection.
Without getting too far into the weeds, it would be hard to update firmware in flight because it would take the device offline for at least a while. But if it were modified on the ground with the intent of being used later in flight...
It's a bit of a stretch that an airplane could be sent off course for long with no one noticing, the point being that you could make a real mess of things.
This is all limited by access and the available skillset. But do not underestimate the creativity of people who spend all their time contemplating these things. It's too late to make our systems tamper-proof (probably no such thing anyway) but it would be a good idea to limit access to the degree practical.
The real threat is probably economic disruption caused by a state actor in time of low-intensity conflict.
I have relevant education and civilian and military experience on this. Lets just say the military bit is particularly relevant here. Like I said the only limitation is hardware, access, and skill. Firmware may be an access problem in some cases but even firmware has been re-written remotely. It depends on the design, but for example most consumer electronics can have their firmware updated via the internet...you don't need a tech with a dedicated physical connection.
Without getting too far into the weeds, it would be hard to update firmware in flight because it would take the device offline for at least a while. But if it were modified on the ground with the intent of being used later in flight...
It's a bit of a stretch that an airplane could be sent off course for long with no one noticing, the point being that you could make a real mess of things.
This is all limited by access and the available skillset. But do not underestimate the creativity of people who spend all their time contemplating these things. It's too late to make our systems tamper-proof (probably no such thing anyway) but it would be a good idea to limit access to the degree practical.
The real threat is probably economic disruption caused by a state actor in time of low-intensity conflict.
"Taking over" the plane that I fly by remote control would be like activating the windshield wipers of your car by hacking into the your car's GPS receiver.
Can't be done.
8
#27
Gets Weekends Off
Joined APC: Jul 2014
Posts: 269
You should stop posting about this "conspiracy theory" of yours before everyone figures out that you have no idea what you are talking about.
"Taking over" the plane that I fly by remote control would be like activating the windshield wipers of your car by hacking into the your car's GPS receiver.
Can't be done.
8
"Taking over" the plane that I fly by remote control would be like activating the windshield wipers of your car by hacking into the your car's GPS receiver.
Can't be done.
8
You'd better read this;
Internet Crime Complaint Center (IC3) | Motor Vehicles Increasingly Vulnerable to Remote Exploits Released Mar 16, 2016
As previously reported by the media in and after July 2015, security researchers evaluating automotive cybersecurity were able to demonstrate remote exploits of motor vehicles. The analysis demonstrated the researchers could gain significant control over vehicle functions remotely by exploiting wireless communications vulnerabilities. While the identified vulnerabilities have been addressed, it is important that consumers and manufacturers are aware of the possible threats and how an attacker may seek to remotely exploit vulnerabilities in the future. Third party aftermarket devices with Internet or cellular access plugged into diagnostics ports could also introduce wireless vulnerabilities......
#28
Ultra Elite Cabal??? Huh? If you're talking about the intel agencies and cyber-warfare institutions of various nation states, yes that's for real. They can do almost anything given access. They can rapidly acquire or develop the skill in house...they're typically very well funded because many nations consider cyber to be a very potent asymmetric warfare capability. Certainly cheaper than a fleet of nuclear powered aircraft carriers and attendant air wings.
Google "Iran Centrifuges"
Software can be modified to accomplish absolutely anything which the hardware is physically capable of doing. You need access and skill. In some cases the required threshold of skill resides in very limited numbers of people but well-funded cyber warfare outfits can usually find a way if they want to badly enough.
#29
You should stop posting about this "conspiracy theory" of yours before everyone figures out that you have no idea what you are talking about.
"Taking over" the plane that I fly by remote control would be like activating the windshield wipers of your car by hacking into the your car's GPS receiver.
Can't be done.
8
"Taking over" the plane that I fly by remote control would be like activating the windshield wipers of your car by hacking into the your car's GPS receiver.
Can't be done.
8
So not worth losing a lot of sleep over, but don't kid yourself that it can never become an issue.
Worth noting that many or most cyber warfare capabilities are developed and then shelved until really needed. It's often the case that these capabilities are "one shot", in that employing them will cause the adversary to close the access mechanism or otherwise defend himself against subsequent attacks. That's why they are typically so highly classified; the very knowledge that they exist would render them useless...kind of a waste of money.
#30
Umm, I have multiple degrees + professional experience in exactly those fields. I didn't take out a loan for flight training
Software can be modified to accomplish absolutely anything which the hardware is physically capable of doing. You need access and skill. In some cases the required threshold of skill resides in very limited numbers of people but well-funded cyber warfare outfits can usually find a way if they want to badly enough.
Software can be modified to accomplish absolutely anything which the hardware is physically capable of doing. You need access and skill. In some cases the required threshold of skill resides in very limited numbers of people but well-funded cyber warfare outfits can usually find a way if they want to badly enough.
With solid programming a system could be made nearly entirely secure, and for a system that is essentially closed and obscure modification could be made nearly impossible. I disagree with your repeated blanket statement:
"Software can be modified to accomplish absolutely anything which the hardware is physically capable of doing."
With simple code verification your statement is generally is not true; and I know of no computer engineer or person in the field that would claim this. Look how long it took to hack a consumer console, say Xbox One, and there are literally millions of them around, and thousands of people trying simultaneously. It was literally years before it was opened.
Thread
Thread Starter
Forum
Replies
Last Post